oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE id request: blender

From: Steffen Joeris <steffen.joeris () skolelinux de>
Date: Mon, 27 Oct 2008 17:57:58 +1100
Hi

There is a programming error in blender that can lead to arbitrary code 
execution.

Description:
Blender's BPY_interface calls PySys_SetArgv such that Python prepends
sys.path with an empty string.  This allows the possibility to run
arbitrary code on the user's system if there is a python file in
Blender's working directory named the same as one that Blender's python
scripts try to import.

Debian Bug report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632

Could I please get a CVE id for this?

Cheers
Steffen

Attachment: signature.asc
Description: This is a digitally signed message part.

Previous By Date Next
Previous By Thread Next

Current thread: